<?php
// +----------------------------------------------------------------------
// | 幕小铺
// +----------------------------------------------------------------------
// | 版权所有 2016~2020 幕小铺科技（大连）有限公司
// +----------------------------------------------------------------------
// | 2020/03/14
// +----------------------------------------------------------------------
namespace app\common\middleware;
use think\facade\Debug;
 /**
 * 用户权限校验
 */
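class AuthCheck{
    /**
     * Authenticate front-end ("home" controller layer) requests.
     *
     * Order of checks, as implemented below:
     *   1. site switch (web_site_status);
     *   2. modules/controllers that bypass everything (video/Publics, erp/Publics, api);
     *   3. request-parameter logging (with credentials masked);
     *   4. shared api_token;
     *   5. public-action allow-lists per module;
     *   6. per-user access_token and its expiry.
     *
     * NOTE(review): every failure path relies on json_out() ending the request; its
     * definition is not visible here. If it returns, execution falls through to
     * $next($request) and the check is ineffective — confirm.
     *
     * @param mixed    $request Framework request object; module(), controller() and action() are read from it.
     * @param \Closure $next    Next middleware/handler in the pipeline.
     * @param mixed    $name    Third argument, may be supplied through the route definition; unused here.
     * @return mixed Whatever $next($request) returns.
     */
    public function handle($request, \Closure $next, $name)
    {
        Debug::remark('all-begin');

        // Only the front-end controller layer is subject to these checks.
        if (config('url_controller_layer') != 'home') {
            return $next($request);
        }

        // Global site switch.
        if (!config('web_site_status')) {
            json_out(-8888, '站点已经关闭，请稍后访问~');
        }

        $module = $request->module();
        $controller = $request->controller();
        $action = $request->action();

        // These routes skip logging, the api_token check and the access_token check.
        $isPublicsController = ($controller === 'Publics');
        if ($module === 'api'
            || ($isPublicsController && ($module === 'video' || $module === 'erp'))
        ) {
            return $next($request);
        }

        // Request logging. Credentials are masked first so that tokens do not end
        // up readable in log storage.
        $bodyinput = input();
        // The original call passed `true` as json_encode()'s flags argument, which
        // coerces to 1 (JSON_HEX_TAG); the flag is now spelled out.
        $body = json_encode(self::maskCredentials($bodyinput), JSON_HEX_TAG);
        trace($body, 'input_params');

        // Extra per-user log channels for two specific user ids. The loose
        // comparison is kept on purpose: it only selects a log channel.
        if (isset($bodyinput['user_id'])) {
            foreach ([4, 114] as $watchedUid) {
                if ($bodyinput['user_id'] == $watchedUid) {
                    trace($body, 'input_params_uid' . $watchedUid);
                }
            }
        }

        // Shared API token.
        // NOTE(review): this is a hard-coded secret in source control. Load it from
        // configuration (an `api_token_key` config entry appears to exist — confirm)
        // and rotate the current value.
        $api_token = input('api_token');
        if (!self::tokenMatches('api_xiangmu', $api_token)) {
            json_out(-9004 , 'api密钥校验失败');
        }

        // Routes that need the api_token but no user session.
        if (($module === 'user_center' && $isPublicsController) || $module === 'html5') {
            return $next($request);
        }

        // Actions that are public within a module, looked up from configuration.
        // NOTE(review): the allow-list is matched on the action name alone, so a
        // listed name is public in every controller of that module — confirm intent.
        $publicActionConfig = [
            'erp'         => 'controller_public_arr',
            'video'       => 'controller_public_arr',
            'user_center' => 'user_center_public_arr',
        ];
        if (is_string($module) && isset($publicActionConfig[$module])) {
            $publicActions = config($publicActionConfig[$module]);
            // A missing config entry must not allow anything; strict matching avoids
            // loose-equality surprises between the action name and list entries.
            if (is_array($publicActions) && in_array($action, $publicActions, true)) {
                return $next($request);
            }
        }

        // Per-user access token.
        $access_token = input('access_token');
        $uid = input('user_id');

        // Only a plain identifier may reach the model lookup; an array or boolean
        // supplied as user_id is rejected the same way as an unknown user.
        if (!is_string($uid) && !is_int($uid)) {
            json_out(-9009, '用户不存在', (object)[]);
        }

        $res_arr = model('user_center/UcMemberAuthtoken', 'model\user')->getDataByUid($uid);
        if ($res_arr['code'] < 0) {
            json_out(-9009, '用户不存在', (object)[]);
        }

        $storedToken = isset($res_arr['data']['access_token'])
            ? $res_arr['data']['access_token']
            : null;

        if (self::tokenMatches($storedToken, $access_token)) {
            $expiresAt = isset($res_arr['data']['access_token_expire_time'])
                ? $res_arr['data']['access_token_expire_time']
                : 0; // a missing expiry is treated as already expired
            if (time() > $expiresAt) {
                json_out(-9013, 'access密钥已过期', (object)[]);
            }
        } else {
            // Test-only fixed token. It is valid for ANY user_id, so it is honoured
            // only while the application runs in debug mode.
            // NOTE(review): prefer deleting this bypass and issuing real test tokens.
            $testBypass = config('app_debug') && self::tokenMatches('access_xiangmu', $access_token);
            if (!$testBypass) {
                json_out(-9003, 'access密钥校验失败', (object)[]);
            }
        }

        return $next($request);
    }

    /**
     * Compare a supplied credential with the expected one.
     *
     * Both values must be non-empty strings. The previous `==` / `!=` comparisons
     * let non-string request values (for example a boolean decoded from a JSON body)
     * compare equal to any non-empty token, and let an absent parameter match an
     * empty stored token. hash_equals() additionally avoids leaking the match
     * position through timing.
     *
     * @param mixed $expected Trusted value (constant or database field).
     * @param mixed $supplied Value taken from the request.
     * @return bool True only for an exact string match.
     */
    private static function tokenMatches($expected, $supplied)
    {
        if (!is_string($expected) || $expected === '') {
            return false;
        }
        if (!is_string($supplied) || $supplied === '') {
            return false;
        }

        return hash_equals($expected, $supplied);
    }

    /**
     * Return a copy of the request parameters with credential fields masked.
     *
     * Only the two credential names this middleware reads are covered; other
     * secret fields (passwords, payment data) should be added to the list by
     * whoever knows the API's parameter names.
     *
     * @param mixed $params Value returned by input(); returned unchanged when it is not an array.
     * @return mixed Parameters that are safe to write to the log.
     */
    private static function maskCredentials($params)
    {
        if (!is_array($params)) {
            return $params;
        }

        foreach (['api_token', 'access_token'] as $secretKey) {
            if (array_key_exists($secretKey, $params)) {
                $params[$secretKey] = '***';
            }
        }

        return $params;
    }

}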